iSec wrote:
WebWizForumUser wrote:
...an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.
I wanna comment on the quoted comment above. How would the forum software know that the user who's trying to log in again is the same person who logged in previously? It could well be a shared computer used by more than one user. Wouldn't you agree?
Of course, but that is completely irrelevant. That circumstance could be exactly the reason that the user chose to NOT have their log on persist. When you return to the forum and are prompted to log on again, you get the default settings for all the choices again, which are Yes for keep me logged on and Yes for add me to the active users and No for acceptance of the forum rules and policies. At the very least, for someone who last said they did not want to be remembered, they should not have to once again check the No button. See below to understand why it is okay to leave all the buttons set as they last were for the most recent user of that computer who logged on to the forum.
As for your concern that someone else could be using a shared computer, the real security gap is exactly that case where the last user said to remember them and automatically log them on. This allows the next user to get onto the forum bypassing the log on sequence completely. There is simply no protection against this issue with the ability to be automatically logged on. In the case where someone has said in the past that they do not want to be logged on automatically, the new user must know the other person's log on credentials in order for there to be a security risk to the forum! So, there is no harm in the software's assuming that the last user of the computer is also the next user and leaving the 3 buttons set as that user last left them. Any new user cannot do anything other than the public can do without having forum credentials.
So, while I agree that the next user of that computer could be a different person, it does not concern me at all and is not a security risk.
Do you agree with what I have said?